[
https://issues.apache.org/jira/browse/JCR-3758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13949550#comment-13949550
]
Dave Heath commented on JCR-3758:
---------------------------------
Thanks Angela, that information is very helpful.
> Adding 'deny' entry for Everyone principal to a subnode does not deny access
> to that node for principals defined on parent nodes
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: JCR-3758
> URL: https://issues.apache.org/jira/browse/JCR-3758
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Reporter: Dave Heath
> Attachments: Test_JCR3758.java
>
>
> If I wanted to have a user principal with access to an nt:folder node /a1 but
> no access to the subnode at /a1/a2, I should be able to grant access to that
> user principal on /a1 with Privilege.JCR_ALL and then call
> AccessControlUtils.denyAllToEveryone on /a1/a2. However, granting access on
> /a1 grants access to all subnodes of /a1 unless access is explicitly denied
> for that particular user principal. Denying access to Everyone is only
> effective if the Everyone principal is the means by which the user is granted
> access.
> See the attached test case for an example of this behavior.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
